UNPKG

@defikitdotnet/education-module-ai

Version:
233 lines (232 loc) 12.1 kB
"use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __generator = (this && this.__generator) || function (thisArg, body) { var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype); return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function (v) { return step([n, v]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while (g && (g = 0, op[0] && (_ = 0)), _) try { if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [op[0] & 2, t.value]; switch (op[0]) { case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [0]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.authenticateStudent = authenticateStudent; exports.authenticateTeacher = authenticateTeacher; var jsonwebtoken_1 = __importDefault(require("jsonwebtoken")); var SqliteAdapter_1 = require("../database/SqliteAdapter"); var StudentRepository_1 = require("../repositories/StudentRepository"); var TeacherRepository_1 = require("../repositories/TeacherRepository"); var path_1 = __importDefault(require("path")); /** * Extract the JWT token from the authorization header */ function extractToken(req) { var authHeader = req.headers.authorization; if (!authHeader || !authHeader.startsWith("Bearer ")) { return null; } return authHeader.split(" ")[1]; } /** * Middleware to authenticate students * * Student tokens should contain: * - studentId: The student's ID (changed from id for clarity) */ function authenticateStudent(req, res, next) { return __awaiter(this, void 0, void 0, function () { var token, secret, decoded, dbPath, studentDetails, dbAdapter, studentRepository, dbError_1, error_1; return __generator(this, function (_a) { switch (_a.label) { case 0: token = req.cookies.studentAuthToken; secret = process.env.JWT_SECRET; if (!secret) { console.error("JWT_SECRET is not set in environment variables for student auth"); res.status(500).json({ error: "Server configuration error" }); return [2 /*return*/]; } if (!token) { console.log("Student auth middleware: No token found in cookies"); res.status(401).json({ error: "Authentication required" }); return [2 /*return*/]; } _a.label = 1; case 1: _a.trys.push([1, 7, , 8]); decoded = jsonwebtoken_1.default.verify(token, secret); if (!decoded.studentId) { console.log("Student auth middleware: Invalid token payload (missing studentId)"); res.status(401).json({ error: "Invalid token" }); return [2 /*return*/]; } dbPath = process.env.DB_PATH ? path_1.default.isAbsolute(process.env.DB_PATH) ? process.env.DB_PATH : path_1.default.resolve(process.cwd(), process.env.DB_PATH) : path_1.default.resolve(process.cwd(), "data/education.db"); console.log("DB_PATH used:", dbPath); console.log("Decoded studentId from JWT:", decoded.studentId); studentDetails = null; dbAdapter = new SqliteAdapter_1.SqliteAdapter(dbPath); studentRepository = new StudentRepository_1.StudentRepository(dbAdapter); _a.label = 2; case 2: _a.trys.push([2, 4, 5, 6]); return [4 /*yield*/, studentRepository.findById(decoded.studentId)]; case 3: studentDetails = _a.sent(); return [3 /*break*/, 6]; case 4: dbError_1 = _a.sent(); dbAdapter.close(); res.status(500).json({ error: "Error fetching user data" }); return [2 /*return*/]; case 5: dbAdapter.close(); return [7 /*endfinally*/]; case 6: console.log("Student found in DB:", studentDetails); if (!studentDetails) { console.log("Student auth middleware: Student not found in DB for ID:", decoded.studentId); res.status(401).json({ error: 'Student not found' }); return [2 /*return*/]; } // Attach the full student details to the request req.student = studentDetails; next(); return [3 /*break*/, 8]; case 7: error_1 = _a.sent(); if (error_1 instanceof jsonwebtoken_1.default.TokenExpiredError) { console.log("Student auth middleware: Token expired"); res.status(401).json({ error: "Token expired" }); } else if (error_1 instanceof jsonwebtoken_1.default.JsonWebTokenError) { console.log("Student auth middleware: Invalid token", error_1.message); res.status(401).json({ error: "Invalid token" }); } else { console.error("Student auth middleware error:", error_1); res .status(500) .json({ error: "Internal server error during authentication" }); } return [3 /*break*/, 8]; case 8: return [2 /*return*/]; } }); }); } /** * Middleware to authenticate teachers * * Teacher tokens should contain: * - teacherId: The teacher's ID */ function authenticateTeacher(req, res, next) { return __awaiter(this, void 0, void 0, function () { var token, secret, decoded, teacherDetails, dbAdapter, teacherRepository, dbError_2, error_2; return __generator(this, function (_a) { switch (_a.label) { case 0: token = req.cookies.teacherAuthToken; secret = process.env.JWT_SECRET; if (!secret) { console.error("JWT_SECRET is not set in environment variables for teacher auth"); res.status(500).json({ error: "Server configuration error" }); return [2 /*return*/]; } if (!token) { console.log("Teacher auth middleware: No token found in cookies"); res.status(401).json({ error: "Authentication required" }); return [2 /*return*/]; } _a.label = 1; case 1: _a.trys.push([1, 7, , 8]); decoded = jsonwebtoken_1.default.verify(token, secret); if (!decoded.teacherId) { console.log("Teacher auth middleware: Invalid token payload (missing teacherId)"); res.status(401).json({ error: "Invalid token" }); return [2 /*return*/]; } teacherDetails = null; dbAdapter = new SqliteAdapter_1.SqliteAdapter(); teacherRepository = new TeacherRepository_1.TeacherRepository(dbAdapter); _a.label = 2; case 2: _a.trys.push([2, 4, 5, 6]); return [4 /*yield*/, teacherRepository.findById(decoded.teacherId)]; case 3: teacherDetails = _a.sent(); return [3 /*break*/, 6]; case 4: dbError_2 = _a.sent(); dbAdapter.close(); res.status(500).json({ error: "Error fetching user data" }); return [2 /*return*/]; case 5: dbAdapter.close(); return [7 /*endfinally*/]; case 6: if (!teacherDetails) { console.log("Teacher auth middleware: Teacher not found in DB for ID:", decoded.teacherId); res.status(401).json({ error: 'Teacher not found' }); return [2 /*return*/]; } // Attach the full teacher details to the request req.teacher = teacherDetails; next(); return [3 /*break*/, 8]; case 7: error_2 = _a.sent(); if (error_2 instanceof jsonwebtoken_1.default.TokenExpiredError) { console.log("Teacher auth middleware: Token expired"); res.status(401).json({ error: "Token expired" }); } else if (error_2 instanceof jsonwebtoken_1.default.JsonWebTokenError) { console.log("Teacher auth middleware: Invalid token", error_2.message); res.status(401).json({ error: "Invalid token" }); } else { console.error("Teacher auth middleware error:", error_2); res .status(500) .json({ error: "Internal server error during authentication" }); } return [3 /*break*/, 8]; case 8: return [2 /*return*/]; } }); }); }